New awareness module on information security governance
The field of corporate governance exploded onto management’s agenda
following Enron’s collapse in 2000/2001 and the introduction of SOX (the Sarbanes-Oxley Act) in 2002. There has been some public discussion of IT governance
since then but information security governance is still emerging from the murk.
This month we expand on what ‘governance’ means and how it relates to information security in particular. It affects our target audiences (staff,
managers and IT professionals) differently so we explain the implications in practical terms, covering the essential elements that everyone should comprehend.
You may have seen the recent news about the arrest of a network
administrator in San Francisco. As reported, the accused was solely responsible for designing, operating and securing the city government’s
network. He allegedly refused to disclose the network admin passwords at first, preventing others from managing the network in his absence. While it’s
far too early to determine whether there is any truth behind the allegations, the story has fascinating governance implications that find their way into a case study and newsletter. Read on.
PCI DSS - a practical guide to implementation
If you are an experienced information security professional or project manager tasked with your first
PCI DSS implementation, this new book from IT Governance (coupled with PCI DSS itself and various other
sources of guidance) will be a worthwhile starting point and companion on your journey to compliance. It is good value and easy to read, providing many pragmatic tips. Read our book review for more.
We’ve moved!
We have moved east across New Zealand’s North Island to sunny Hawke’s Bay, near Napier. After the
city was decimated by an earthquake in 1931, Napier was completely rebuilt. Much of the fabulous original art deco architecture remains to this day, but so does the earthquake risk. Please update our contact details.